With today's high speed networks, the need for preventing denial of service (“DOS”) and distributed denial of service (“DDOS”) attacks is much greater. With the tools and high-end machines available today, malicious attackers may easily overwhelm an unprotected system with a DOS or DDOS attack. Thus a need exists for a system to prevent DOS and DDOS attacks when a TCP connection is in an established state.